Skip to main content
All CollectionsuPhishPhishing Attachments
Creating a phishing attachment simulation
Creating a phishing attachment simulation

Learn how to send out phishing simulation emails with attachments to your users.

Anna Cunningham avatar
Written by Anna Cunningham
Updated over 10 months ago

Here’s how to create a new phishing email simulation that includes an attachment to test your end users.

Please set up Message Injection in Microsoft 365 or Google Workspace to ensure your simulated phishing email will reach your end users.


Getting Started

To get started, find the Create Simulation page through the top menu in the usecure app.

Select uPhish > Create Simulation in the usecure top menu bar.


Step One - Select your attack type

Before creating your simulation, you will need to select an attack type.

There are two attack type options to choose from for a phishing attachment simulation:

  1. Attachment Open

  2. Attachment Open + Landing Page

Attachment Open attack type allows you to create a phishing email with an attachment.

With the Attachment Open attack type, users become compromised when opening the attachment in the email.

Attachment Open + Landing Page attack type allows you to create a phishing email with an attachment containing a link to a landing page.

With the Attachment Open + Landing Page attack type users will be compromised when inserting their credentials after following a URL found in an attachment.


Step Two - Choose your landing page

If you have selected the attack type Attachment Open + Landing Page, you will need to choose a landing page that users will be taken to when they click on the link in the phishing attachment.

You will see pre-built uPhish templates on this page, but if you have created custom landing pages you can see them by scrolling down to the Your Saved Templates section.

You can filter landing pages by language and region to easily find the ones most suitable for your needs.


Step Three - Choose your email template equipped with a phishing attachment

At the 'Choose your email' step, you will have the option to select a pre-built email template which has an attachment included, or create your own email template.

You will also need to create and upload an attachment if you choose the option to create your own phishing email.

Attachments should be in Microsoft Word format saved as .docx files.


Step Four - Configure your simulation

Now you're able to configure your simulation by editing the following:

  • Simulation name

  • Subject line

  • Sender name, email address and domain

  • Attachment name

  • Upload attachment file

If you have selected attack type Attachment Open + Landing Page, and created your own custom attachment, the attachment would need to contain a link to the landing page.

Find out how to add a link to the landing page in your custom attachment here.


Step Five - Select recipients & schedule your simulation

Choose your users, schedule your simulation launch date, and optionally include inline training for compromised users.

Our uLearn training module 'Attachment Phishing' is perfect for building awareness of the risks and signs of phishing email attachment attacks amongst your end users.


Step Six - Keep track of user response

Select uPhish > View simulations, and then select your simulation to view open and compromise rates, as well as find individual users.


Next steps

Did this answer your question?